Hacking 6.2.0 released

  • Thread starter: nachuz
  • Views: 57,726
  • Replies: 222
  • Likes: 1
Check out videos on youtube about how to use RCM mode. The black screen is normal, you need to learn the additional steps.

Thanks.

I did that in the last few days: press Vol+ and Power quickly to boot. For you it's not a problem with this new update? I should have something on screen?
 
Nope, bought it one year ago.

So I found my problem... forgot to rename it to payload.bin.

Sorry

--------------------- MERGED ---------------------------

So now I have a message in red after unpacking the OS:

Error package2 magic invalid

This time it's the new Nintendo firmware that's blocking the install?

Thanks again :)
 
Probably, but only by forever using CFW to ignore the fuse check.

This has nothing to do with Smash, the timing is coincidental. This work was started a long, long time ago and just had not passed the final stages of auditing and testing.
 
Please keep us updated!
I'm holding off. Some other people updated their system before me, and had the same setup (SD emuNAND 6.1, OFW 6.2). It works, but as soon as you enter sleep mode on the 6.1 emunand and try to wake up the system, it apparently does a fuse check, forcing a shutdown. So until SX OS fixes that, I'm not updating the system to 6.2 yet. I am running SD emuNAND right now though. It's just that my OFW is still on 6.1 as well.
 
The new key generation explained:

The Switch has an Nvidia coprocessor (a second processor) inside of it called the TSEC or Falcon that handles cryptographic operations like AES and verifying signatures. This processor is ordinarily supplied with a firmware when the Switch boots and then hands over the TSEC key to the boot loader so it can decrypt and load the rest of the firmware.

What was changed in 6.2 is that the TSEC firmware now derives one of the decryption keys internally rather than letting the boot loader do it. This means that despite having full control over the boot process, the derivation of this key now happens secretly where we cannot see it.

I'm looking at the TSEC firmware now to research this process but it may be simply out of our reach unless we can exploit or trick the TSEC into doing what we want or leaking the info. Here is a screenshot I took of reverse engineering the 6.2 TSEC firmware.

[screenshot attachment: Screen Shot 2018-11-20 at 6.47.45 PM.png]
 
Just asking: not using SX OS atm, but planning to in the future with emuNAND. Can I safely update to 6.2.0 and still be able to install SX OS and launch a CFW (don't mind if it's 6.1.0)?
 
Just asking: not using SX OS atm, but planning to in the future with emuNAND. Can I safely update to 6.2.0 and still be able to install SX OS and launch a CFW (don't mind if it's 6.1.0)?

I spoke to someone on Discord who apparently was running SX emuNAND on 6.1 and OFW on 6.2. It's just one person, but it makes sense that this would work.
 
I spoke to someone on Discord who apparently was running SX emuNAND on 6.1 and OFW on 6.2. It's just one person, but it makes sense that this would work.
Yeah, but 6.2 also burns a fuse. So you must always start 6.1 from RCM, and sleep mode won't work. And I don't have a NAND backup atm, which means I must wait until I've got my NAND backed up before I can update. Or are there other ways around it?

Also, if I understand you correctly, hacking 6.2.0 is gonna be a pain in the butt because the decrypting is done within another chip on the SoC?
 
Just a heads up: don't do this and think you're safe. I had my Switch like this and hit update to see if this did block the update, and nope, it didn't, it updated to 6.2 from 6.1. So DON'T THINK THIS WILL KEEP YOU SAFE, DON'T HIT THE UPDATE EVEN IF YOU DID THIS TO YOUR DNS:
  1. Change DNS to Manual.
  2. Set the primary DNS server to 163.172.141.219.
  3. Set the secondary DNS server to 45.248.48.62.
  4. Press the save button and then B to return to the network list.
  5. EPIC FAIL
 
Just asking: not using SX OS atm, but planning to in the future with emuNAND. Can I safely update to 6.2.0 and still be able to install SX OS and launch a CFW (don't mind if it's 6.1.0)?
It does work, but you'll lose sleep mode.

My sleep mode works, but I'm on OFW 5.1.0 and emuNAND CFW 6.1.0.
 
The new key generation explained:

The Switch has an Nvidia coprocessor (a second processor) inside of it called the TSEC or Falcon that handles cryptographic operations like AES and verifying signatures. This processor is ordinarily supplied with a firmware when the Switch boots and then hands over the TSEC key to the boot loader so it can decrypt and load the rest of the firmware.

What was changed in 6.2 is that the TSEC firmware now derives one of the decryption keys internally rather than letting the boot loader do it. This means that despite having full control over the boot process, the derivation of this key now happens secretly where we cannot see it.

I'm looking at the TSEC firmware now to research this process but it may be simply out of our reach unless we can exploit or trick the TSEC into doing what we want or leaking the info. Here is a screenshot I took of reverse engineering the 6.2 TSEC firmware.

[screenshot attachment 149848]

Rip
 
The new key generation explained:

The Switch has an Nvidia coprocessor (a second processor) inside of it called the TSEC or Falcon that handles cryptographic operations like AES and verifying signatures. This processor is ordinarily supplied with a firmware when the Switch boots and then hands over the TSEC key to the boot loader so it can decrypt and load the rest of the firmware.

What was changed in 6.2 is that the TSEC firmware now derives one of the decryption keys internally rather than letting the boot loader do it. This means that despite having full control over the boot process, the derivation of this key now happens secretly where we cannot see it.

I'm looking at the TSEC firmware now to research this process but it may be simply out of our reach unless we can exploit or trick the TSEC into doing what we want or leaking the info. Here is a screenshot I took of reverse engineering the 6.2 TSEC firmware.

[screenshot attachment 149848]

Godspeed, man. Best of luck cracking it!

--------------------- MERGED ---------------------------

Just a heads up: don't do this and think you're safe. I had my Switch like this and hit update to see if this did block the update, and nope, it didn't, it updated to 6.2 from 6.1. So DON'T THINK THIS WILL KEEP YOU SAFE, DON'T HIT THE UPDATE EVEN IF YOU DID THIS TO YOUR DNS:
  1. Change DNS to Manual.
  2. Set the primary DNS server to 163.172.141.219.
  3. Set the secondary DNS server to 45.248.48.62.
  4. Press the save button and then B to return to the network list.
  5. EPIC FAIL

Same thing happened to me, man :/ I was in CFW. I really hate myself for getting careless like this.
 